org.apache.shiro:shiro-web is vulnerable to authentication bypass attacks. A remote attacker is able to bypass the authentication mechanism when forwarding or including via RequestDispatcher.
Name | Operator | Version |
---|---|---|
apache shiro :: web | le | 1.9.1 |
apache shiro :: lang | le | 1.9.1 |
www.openwall.com/lists/oss-security/2022/10/12/1
www.openwall.com/lists/oss-security/2022/10/12/2
www.openwall.com/lists/oss-security/2022/10/13/1
github.com/apache/shiro/commit/e47feebca1f5e5a7becec815380fbe6e2900be15
github.com/apache/shiro/pull/369
issues.apache.org/jira/browse/SHIRO-887
lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
security.netapp.com/advisory/ntap-20221118-0005/